Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Software Linux

Linux 2.4.24 Release Fixes Root Vulnerability 436

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."
This discussion has been archived. No new comments can be posted.

Linux 2.4.24 Release Fixes Root Vulnerability

Comments Filter:
  • 2.4.x? (Score:5, Funny)

    by devphaeton ( 695736 ) on Monday January 05, 2004 @12:11PM (#7881954)
    I thought that everyone jumped to the 2.6.0 by now?

    Oh wait, it's been 2 weeks already,
    TIME FOR A RECOMPILE!!
  • by kevin_conaway ( 585204 ) on Monday January 05, 2004 @12:13PM (#7881970) Homepage
    Was this bug introduced in 2.4.23 or has it been in the 2.4 series all along ?
  • by cyt0plas ( 629631 ) * on Monday January 05, 2004 @12:15PM (#7881988) Journal
    Was this one of the usual "inform, wait, release" cases, or is this one of those "oh crap! time for a fix!" cases.

    In other words, should I, Joe Schmoe SysAdmin be afraid of the script kiddies yet?
    • by Xzzy ( 111297 ) <`gro.h7urt' `ta' `rehtes'> on Monday January 05, 2004 @12:24PM (#7882087) Homepage
      > should I, Joe Schmoe SysAdmin be afraid of the script kiddies yet?

      As soon as an exploit is publicised, yes you should.

      Since it's a local exploit it's not as bad as it could be, but I guarantee you if a rootkit didn't already exist, once is being worked on now.

      If you trust all your open services to not execute foreign code you can probably doze a bit, but that's walking on a razor's edge.
    • *raises eyebrow* (Score:3, Insightful)

      by Faust7 ( 314817 )
      Joe Schmoe SysAdmin

      Isn't that an oxymoron?

      ...

      Well, it should be.

  • Changelog (Score:5, Informative)

    by SuperDuG ( 134989 ) <[be] [at] [eclec.tk]> on Monday January 05, 2004 @12:18PM (#7882016) Homepage Journal
    List: linux-kernel
    Subject: linux-2.4.24 released
    From: Marcelo Tosatti
    Date: 2004-01-05 13:55:57

    - 2.4.24-rc1 was released as 2.4.24 with no changes.

    Summary of changes from v2.4.23 to v2.4.24-rc1

    <bjorn.helgaas:hp.com>:
    &nbs p; - Fix 2.4 EFI RTC oops

    <marcelo.tosatti:cyclades.com>:
    - Andrea Arcangeli: malicious users of mremap() syscall can gain priviledges

    <marcelo:logos.cnet>:
    - Harald Welte: Fix ipchains MASQUERADE oops
    - Change EXTRAVERSION to 2.4.24-rc1

    <trini:mvista.com>:
    - /dev/rtc can leak parts of kernel memory to unpriviledged users

    Jean Tourrilhes:
    - IrDA kernel log buster

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
    Sorry it just seemed a bit more informative than the "YES" reply ...
  • Well... (Score:2, Interesting)

    by Film11 ( 736010 )
    This doesn't apply to me since I don't have Linux...yet. I plan to get a Knoppix cd, after all, it was on a PCFormat that came a while ago, if only I could find it. Although I know nothing about Linux, so some links to some beginner sites could be useful =\.
    Also, is Linux more secure than Windows, because I hear a fair amount of Linux security holes more than Windows, or maybe I'm just not perceptive enough.
    • Re:Well... (Score:2, Insightful)

      by Anonymous Coward
      Microsoft has a lot more security issues than any typical linux distro.
      They only reason you don't hear about them so often anymore, is the fact that they recently changed from a weekly patch release cycle, to a monthly patch release cycle.

      That, and Automatic Updates. ;-)
    • Re:Well... (Score:5, Insightful)

      by RoLi ( 141856 ) on Monday January 05, 2004 @12:46PM (#7882319)
      Holes like elevation of privileges (like this one) cannot be used by worms since they work only when you already have access to the system. So while these bugs are bad enough, they are still not nearly as bad as the Win-RPC, or the bugs that allowed Nimda, CodeRed etc. to exist.
    • Re:Well... (Score:5, Informative)

      by CommandNotFound ( 571326 ) on Monday January 05, 2004 @12:51PM (#7882369)
      Also, is Linux more secure than Windows, because I hear a fair amount of Linux security holes more than Windows, or maybe I'm just not perceptive enough.

      All advanced operating systems can be insecure depending on configuration.

      However, regarding your specific question, you see more security exploits for Linux probably because Linux has both remote and local exploits; the vast majority are local exploits. A local exploit is usually only a concern in a multiuser mainframe-style environment where you have "trusted" users who can log in to the machine. These users can log in and use a local exploit to elevate their priviliges on the machine. If the user doesn't have a login account, they do not have the opportunity to perform the exploit. Local exploits generally use buffer overflows or hijack split-second temp files to do their nastiness.

      Windows generally does not operate in a multiuser fashion, so these exploits are not as pertinent. Having written Windows software for years, I can tell that if local exploits ever become a concern for Windows (e.g. if Windows ever goes multiuser in a big way, where a local user may want to exploit the machine), almost every Windows application will have big problems with local exploits, since they have been built assuming that the local system is single-user and temp files and registry entries are assumed to be safe.
      • by Kjella ( 173770 ) on Monday January 05, 2004 @01:02PM (#7882462) Homepage
        Having written Windows software for years, I can tell that if local exploits ever become a concern for Windows (e.g. if Windows ever goes multiuser in a big way, where a local user may want to exploit the machine), almost every Windows application will have big problems with local exploits

        ...are pretty much only for convienience, that is to keep user settings and such separate among a group of mutually trusted users (like say, a family). There's not much in terms of real security.

        That users created at install time default to admins with no passwords only goes to prove that even more. Which is fine, as long as a) noone unauthorized can get to the machine and b) all the users trust eachother.

        On the other hand, local exploits are a grave concern in many settings, say for example a university where each student has a local account. So they should by no means be taken lightly, even if they don't produce worms.

        Kjella
  • Nice (Score:2, Insightful)

    by Anonymous Coward
    I don't expect I'll be switching to 2.6 until May. The 2.6.1 release is very important to me as it includes a lot of patches previously rejected by Linus. I expect by May we'll have 2.6.3 at least and this kernel will be on its way to rock solid stability. As for now, 2.4 is in maintenance mode and will only be updated for bug fixes. This is great because it will replace the 2.2 kernel in this arena. But in this limbo we are in now, 2.4 is good enough for me.
  • Quick! (Score:5, Funny)

    by Anonymous Coward on Monday January 05, 2004 @12:19PM (#7882035)
    Use Depenguinator [slashdot.org] on all the unpatched boxen! Let the revolution begin! >:)
    • Re:Quick! (Score:2, Flamebait)

      by Xpilot ( 117961 )
      Use Depenguinator on all the unpatched boxen! Let the revolution begin! >:)

      Ugh, a BSD troll. How come these guys are tolerated?

    • Now that you mention it, there have been a few more downloads of that package than usual today...
  • by Anonymous Coward
    This is a quick and simple fix.

    patch -p1 < patch-2.4.24
    make clean dep
    make bzImage modules_install

    Depending on your situation, configure your boot loader - grub or lilo - to recognize the new image.

  • by Dibblah ( 645750 ) on Monday January 05, 2004 @12:21PM (#7882058)
    AAAAAARGH!

    It's XFS. NOT XFS Filesystem. I'm gonna do something illegal to the next person that says ATM machine, too.
  • ...not only is there a fix already, but I didn't have to badger anyone to get it - it was announced! Off to emerge my new kernel... ;)
  • Can't Wait! (Score:3, Insightful)

    by gillbates ( 106458 ) on Monday January 05, 2004 @12:22PM (#7882071) Homepage Journal
    For the Microsoft trolls to pick this one up.

    Is this just more proof that Linux was built by amateurs? Or wait - I know - that Linux can't be trusted because the source code is open.

    Now, for those who think I'm serious, think about it for a moment. Slashdot hypes up every single MS vulnerability as "proof" that MS systems are inherently insecure. And I wouldn't disagree that MS systems are insecure. But discovering a single (or a few) vulnerability doesn't make an OS insecure.

    What it comes down to is vigilance and design. The numerous security holes in MS products are a result of bad design, not merely a mistake or two. And this is the big difference between this vulnerability - a mere isolated mistake - and Microsoft's complete lack of engineering which ensures that their software _will_ have security holes.

    Okay, flame away Microsofties!
    • Re:Can't Wait! (Score:3, Insightful)

      by TWX ( 665546 )
      Not only that, but Open Source/Linux tends to state specifically what the problem is, where to see it, and what the exact fix as code is, versus just relying on some international megacorporation to release a binary-only patch that one has to trust doesn't contain any more report-ware or additional bugs.

      Even with Linux's problems, I'll take it any day over MS OSes. At least Linux developers are honest about their mistakes.
    • Re:Can't Wait! (Score:3, Interesting)

      I'm not backing Microsoft, because how much is it worth being comparatively secure to another product (they've got three remote-roots and we've only got two!).

      I'm still convinced that a closed-source competently-designed operating system will be, on the whole, less vulnerable than an open-source competently-designed operating system. The theoretical million eyes on the source isn't worth as much as it (used to be) hyped, because you're not talking about a million security professionals and you're really

    • Re:Can't Wait! (Score:3, Insightful)

      by pballsim ( 119438 )
      Personally I believe this shows that people are making the software and people make mistakes. Some mistakes are more stupid than others.

      I remember an exploit in the apache code that when they received an image that was bigger then there buffered they doubled the size of the buffer (ONCE!). (This was in November, not sure if they fixed it).

      I think this should just make the Linux and Microsoft and whatever communities be more humble and stop some of these flame wars.

      Linux/Unix/Microsoft all have their ad
      • "I think this should just make the Linux and Microsoft and whatever communities be more humble and stop some of these flame wars."

        It's a little hard to resist the urge to say "See! Linux has problems too!" when every story involving Microsoft on Slashdot is spun out of proportion.
    • The numerous security holes in MS products are a result of bad design, not merely a mistake or two

      Dare to explain why they are bad design and not coding mistakes in Windows case ?
      • *ANY* exploit that involves the 'My Computer Zone' or similar is due to bad design. When the fundamental security design is screwed, you're stuck with either throwing it out entirely, or patching, patching, patching, patching as new ways around it are found.
    • Re:Can't Wait! (Score:4, Insightful)

      by NanoGator ( 522640 ) on Monday January 05, 2004 @01:24PM (#7882665) Homepage Journal
      "Is this just more proof that Linux was built by amateurs? Or wait - I know - that Linux can't be trusted because the source code is open... Now, for those who think I'm serious, think about it for a moment. Slashdot hypes up every single MS vulnerability as "proof" that MS systems are inherently insecure. And I wouldn't disagree that MS systems are insecure. But discovering a single (or a few) vulnerability doesn't make an OS insecure."

      So doesn't it stand to reason then that the 'Microsoft Trolls' are simply giving you a taste of your own medicine? If Slashdot weren't out to sensationalize Microsoft at every turn, you wouldn't have to deal with 'Microsofties' forcing you to eat a bit of humble pie when these things come along.

      In short: People in glass houses...
  • by Anonymous Coward
    2.6 seemed pretty good to me, except one thing: I play games like enemy territory and map times just kept getting longer and longer as I played. Only shutting down et and restarting solved it. On 2.4 the maps load at about 20-30 secs, in 2.6 it would start at that and keep getting longer, last map was over 2 minutes until I was disconnected from server.

    I tried 2.6.1rc1 and with the -mm patch. Same thing. So now I'm back with 2.4.3. But in last few versions of the 2.4 series I get extreme slowdowns whe
    • Sounds like you're running your X window system with a nice value. Handy trick for better responsiveness in 2.4, but lethal in 2.6.

      Nice values *really* make a difference in 2.6
    • Slashdot is probably not the best forum to get a timely response from the maintainers of the relevant parts of the kernel or X. Perhaps you should file a bug report in a more appropriate place?
  • Ok, I know that I have read here that a few groups are making new updates for RedHat 7.3, but now I can't remember which story or groups. Anybody remember which story that was. As I recall one group was going to charge $5/machine and another was going to do it for free. I don't think that Fedora Legacy ever got around to supporting the old RedHat stuff, or did they?

  • by Kalak ( 260968 ) on Monday January 05, 2004 @12:44PM (#7882292) Homepage Journal
    Possibly due to the fact that the last kernel fix was a week ago, or just that the patch is minoor, or because RH is being kind to those of us who still have reasons to run RH 7.3 just yet, but look to RH for a kernel update if you need one for 7.x and 8 [redhat.com] which are unsupported in 2004. Thanks RedHat. Saved me a panicked kernel decision. I desperately didn't want to return from a vacation to a timetable jump of a few weeks.
  • by Ktistec Machine ( 159201 ) on Monday January 05, 2004 @02:02PM (#7883021)
    Hi folks,

    I remember, back when the last ptrace bug was found, some kind soul created a kernel module that (a) renamed the current ptrace function to something else and (b) implemented a new wrapper function that first checked to see if you were root, before deciding whether to call the old ptrace. Slick!

    I'm surprised this sort of workaround hasn't been done for other kernel bugs. It seems it wouldn't even have to be a workaround. A module could actually provide a new, repaired version of the buggy routine. Couldn't it?

    I can imagine insmoding a list of "kernel-fix" modules at boot time. Then, every once in a while , I'd upgrade my machines to a new kernel, but without the urgency of getting a new kernel installed RIGHT NOW! to fix a small (code-wise) security problem.

    • by Anonymous Coward on Monday January 05, 2004 @04:06PM (#7884344)
      I remember, back when the last ptrace bug was found, some kind soul created a kernel module that (a) renamed the current ptrace function to something else and (b) implemented a new wrapper function that first checked to see if you were root, before deciding whether to call the old ptrace. Slick!

      Modules (or really any third-party code regardless of method be it /dev/kmem or modules or whatever) having access to the syscall table of a running kernel is (1) evil, (2) nonportable - it won't work on many of our architectures, and (3) likely to become even harder as the kernel gurus try to defeat people doing stupid things like this.

      BTW, this also affects things like (why would you need this?) realtime virus scanners that hook syscalls. Please, don't do this. If the argument is that you need the machine to stay up because it's too important to reboot for a patch, then you definitely should not be inserting modules that *intentionally overwrite important chunks of kernel memory* because if there's the slightest thing wrong, your machine will either crash or begin to do bizarre things. You could end up with data corruption and/or loss for an extended period before you even realize it. Do not do this. It is not what you want. Believe me.

"Hello again, Peabody here..." -- Mister Peabody

Working...